Actually throws a NullPointerException, as the authentication is null because the session cookie has expired. This can be replicated by logging in, then clearing all cache and then pressing the logout link. In v2.0.4, it would show the exception, but now we hide any uncaught exceptions